/contrib/bsnmp/snmp_vacm/snmp_vacm.3

https://bitbucket.org/freebsd/freebsd-head/ · Unknown · 94 lines · 94 code · 0 blank · 0 comment · 0 complexity · a8658902c5e0e84ecbfe6afdae1f4b88 MD5 · raw file

  1. .\"-
  2. .\" Copyright (C) 2010 The FreeBSD Foundation
  3. .\" All rights reserved.
  4. .\"
  5. .\" This documentation was written by Shteryana Sotirova Shopova under
  6. .\" sponsorship from the FreeBSD Foundation.
  7. .\"
  8. .\" Redistribution and use in source and binary forms, with or without
  9. .\" modification, are permitted provided that the following conditions
  10. .\" are met:
  11. .\" 1. Redistributions of source code must retain the above copyright
  12. .\" notice, this list of conditions and the following disclaimer.
  13. .\" 2. Redistributions in binary form must reproduce the above copyright
  14. .\" notice, this list of conditions and the following disclaimer in the
  15. .\" documentation and/or other materials provided with the distribution.
  16. .\"
  17. .\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  18. .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19. .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20. .\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
  21. .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22. .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23. .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24. .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25. .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26. .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27. .\" SUCH DAMAGE.
  28. .\"
  29. .\" $FreeBSD$
  30. .\"
  31. .Dd October 7, 2010
  32. .Dt SNMP_VACM 3
  33. .Os
  34. .Sh NAME
  35. .Nm snmp_vacm
  36. .Nd "View-based Access Control module for"
  37. .Xr bsnmpd 1
  38. .Sh LIBRARY
  39. .Pq begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
  40. .Sh DESCRIPTION
  41. The
  42. .Nm snmp_vacm
  43. module implements SNMPv3 View-based Access Control Model MIB as defined in
  44. RFC 3415. The module is used to manage the internal lists of SNMPv1, v2c and
  45. v3 user names and groups and their access rights to fetch or modify the values
  46. of the MIB objects maintained by
  47. .Nm bsnmpd
  48. and the modules loaded in the daemon.
  49. The module must be loaded for
  50. .Nm bsnmpd
  51. to implement proper view-based access control. If the module is not loaded,
  52. access is granted to all configured SNMPv1 & SNMPv2c communities and SNMPv3
  53. USM users.
  54. .Sh IMPLEMENTATION NOTES
  55. An entry in any table implemented by this MIB may be created by setting the
  56. relevant RowStatus column to createAndGo (4) - in fact, any other value for
  57. those columns in a SET operation will cause an error. When an entry is created,
  58. any of its columns that is not used as index, is set to the default value as
  59. specified in the SNMP-VIEW-BASED-ACM-MIB. All entries maintained by the module
  60. are persistent after reboot if created via
  61. .Nm bsnmpd 's
  62. config file, otherwise entries created via SNMP are lost after reboot.
  63. A short description of the objects in the MIB follows.
  64. .Bl -tag -width "XXXXXXXXX"
  65. .It Va vacmContextTable
  66. A read-only table that consists of a list of SNMP contexts available in
  67. .Nm bsnmpd .
  68. .It Va vacmSecurityToGroupTable
  69. The table contains a list of SNMPv1, v2c and v3 user names and the groups
  70. they belong to.
  71. .It Va vacmAccessTable
  72. The table contains a list of SNMP contexts to groups mappings and respectively
  73. the names of the SNMP views under those contexts, to which users in the group
  74. are granted read-only, read-write access or receive notifications for the
  75. objects under the subtree in the relevant view.
  76. .It Va vacmViewTreeFamilyTable
  77. The table contains a list of SNMP views, i.e. entries specifying the OID of a
  78. MIB subtree and whether access to the objects under this subtree is to be
  79. allowed or forbidden.
  80. .El
  81. .Sh FILES
  82. .Bl -tag -width "XXXXXXXXX"
  83. .It Pa /usr/share/snmp/defs/vacm_tree.def
  84. The description of the MIB tree implemented by
  85. .Nm .
  86. .El
  87. .Sh SEE ALSO
  88. .Xr bsnmpd 1 ,
  89. .Xr gensnmptree 1 ,
  90. .Xr snmpmod 3
  91. .Sh STANDARDS
  92. IETF RFC 3415
  93. .Sh AUTHORS
  94. .An Shteryana Shopova Aq syrinx@FreeBSD.org